This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

macOS - Sophos Endpoint Protection - Real-time protection deactivated

Hello,


I have a Macbook Pro (2019 Intel) with macOS 14.6.1 (Build23G93) with Sophos Endpoint 2024.2.0.35 in Sophos Central.
On this endpoint, real-time protection is deactivated from time to time, without any influences.

So far, a scan or an update of the agent has solved the problem and I have received a message in the events that real-time protection has been reactivated. But a day later it is deactivated again. Reinstalling Sophos Endpoint did not solve the problem either. The default policies were used in Sophos Endpoint and no adjustments were made.

I would like to ask if anyone knows of similar behaviour and has a solution.

Many thanks in advance.
With kind regards
Patrice



This thread was automatically locked due to age.
  • I would also like to ask if anyone knows the service at Macos that is responsible for real-time protection. I would like to restart/check whether it is running. 

  • Hi Patrice,

    Thanks for reaching out to the Sophos Community Forum. 

    When the system shows real-time protection deactivated, could you check the Sophos Endpoint Self Help tool on the device? 

    I am curious to find out what is displayed in the "Service" and "Prerequisites" tab. The Real-time protection status will change when the "Sophos Scan Extension" is experiencing issues. 

     I suggest trying to run the following command in the terminal as well to see if the system extension for Sophos shows anything other than "activated enabled"

    • sudo systemextensionsctl list
    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids